CN111597075B - Method for recovering data from data storage device encrypted by hardware - Google Patents
Method for recovering data from data storage device encrypted by hardware Download PDFInfo
- Publication number
- CN111597075B CN111597075B CN202010392915.7A CN202010392915A CN111597075B CN 111597075 B CN111597075 B CN 111597075B CN 202010392915 A CN202010392915 A CN 202010392915A CN 111597075 B CN111597075 B CN 111597075B
- Authority
- CN
- China
- Prior art keywords
- decryption
- data
- partition
- apfs
- key3
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/14—Error detection or correction of the data by redundancy in operation
- G06F11/1402—Saving, restoring, recovering or retrying
- G06F11/1446—Point-in-time backing up or restoration of persistent data
- G06F11/1448—Management of the data involved in backup or backup restore
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
Abstract
The invention provides a method for recovering data from a data storage device encrypted by hardware, which comprises the following steps: s1, acquiring mark data of a decryption KEY5 and an APFS encryption volume; s2, acquiring a decryption KEY1; s3, requesting a main record of the partition KEY zone information from the security chip by using the decryption KEY1; s4, requesting the sub-region KEY region information secondary record to the security chip by using the decryption KEY1; s5, acquiring ciphertext information of the decryption KEY3 from the partition KEY area information main record by using the mark data; s6, acquiring a decryption KEY4 from the information secondary record of the partition KEY zone by using the marked data; s7, acquiring a decryption KEY3 from the security chip by using the ciphertext information of the decryption KEY4, the decryption KEY5 and the decryption KEY3; s8, using the decryption KEY3 to request the security chip for decrypting data to obtain a data block; and S9, analyzing the structure of the recombined data block by using a data recovery module, and successfully recovering the data stored on the data storage device. The invention solves the problem that the data can not be repaired by using a conventional data recovery method on a computer provided with a security chip.
Description
Technical Field
The invention relates to the field of computers and the technical field of data recovery, in particular to a method for recovering data from a data storage device encrypted by hardware.
Background
Data recovery is a technology for restoring damaged data by reading original data on a disk and analyzing the original data acquired from the disk through a file and file system related algorithm under the condition that the disk data is damaged.
Magnetic disks, SSD hard disks, U disks, etc. are only carriers of data, and when data is stored on these carriers, it is an unordered manner. In order to facilitate data management, an algorithm is required to uniformly manage and schedule the unnecessary data, so that the unnecessary data can reach an ordered state on the storage device, and reading and management are facilitated. However, when the data in the unified management method is damaged, the data on the storage device falls into a disordered state again, and becomes unreadable and manageable, and the specific representation is that the file cannot be accessed normally. Such as RAW disk, data being deleted by error, etc., which we commonly use. Under the circumstance, normal data remaining on the storage device needs to be read, and the lost data needs to be repaired and restored through inverse analysis and calculation of an algorithm by combining with a data organization method and the like, so that the purpose that the data can be normally accessed again is achieved.
However, this technique must require that the data stored on the storage device is in a plaintext state, or convert the non-plaintext data on the storage device into plaintext data by a certain method, and then perform a reverse analysis of data repair, so that the data can be normally accessed again, which is a method for recovering conventional data.
On new Mac computers (including MacBook, mac Mini, iMac, etc.), a security chip called T2 is introduced. The security chip will encrypt all data stored in the memory device of the mac computer. Any software cannot directly read the data from the storage device to the plaintext, resulting in a data recovery failure. On a computer provided with a T2 security chip, when data is damaged, the data cannot be restored and restored by using a conventional data restoration method, so that data loss is caused.
Disclosure of Invention
The invention provides a method for recovering data from data storage equipment encrypted by hardware, which solves the problems that data cannot be restored and restored by using a conventional data recovery method after the data is damaged on a computer provided with a security chip, so that the data is completely lost and cannot be recovered.
In order to solve the technical problems, the technical scheme adopted by the invention is as follows: a method of recovering data from a hardware encrypted data storage device, comprising the steps of:
s1, acquiring a password and mark data of an APFS encryption volume of data to be recovered from data storage equipment encrypted by hardware, wherein the password of the APFS encryption volume is decryption KEY5;
s2, requesting a KEY service to the security chip to acquire a decryption KEY1;
s3, using the decryption KEY1 to request a partition KEY area information main record containing the ciphertext information of the decryption KEY3 of the APFS partition from the security chip;
s4, requesting the APFS partition for the partition KEY area information secondary record containing the decryption KEY4 from the security chip by using the decryption KEY1;
s5, acquiring the ciphertext information of the decryption KEY3 from the partition KEY area information main record containing the ciphertext information of the decryption KEY3 by using the tag data of the APFS encryption volume;
s6, acquiring decryption KEY4 from the partition KEY area information secondary record containing the decryption KEY4 by using the mark data of the APFS encryption volume;
s7, acquiring a decryption KEY3 from the security chip by using the ciphertext information of the decryption KEY4, the decryption KEY5 and the decryption KEY3;
s8, requesting the data stored in the data storage device to be decrypted by using the decryption KEY3, and obtaining a data block after decryption;
and S9, analyzing the structure of the recombined data block by using a data recovery module, and restoring the APFS partition data, wherein the APFS partition data is successfully recovered, namely the data stored on the data storage device is successfully recovered.
Preferably, step S1 includes:
and S11, obtaining the partition marking data of the APFS partition where the APFS encrypted volume of the data to be recovered is located from the data storage equipment encrypted by the hardware.
Preferably, step S2 includes:
and S21, acquiring a decryption KEY2 by using the partition mark data, and acquiring a decryption KEY1 from the security chip by using the decryption KEY2.
Preferably, step S21 includes:
and S211, acquiring the partition mark data acquired in the S11.
Preferably, step S21 further includes:
step S212, acquiring the mark data of the decryption KEY1 of the KEY area of the APFS partition from the built-in secure storage chip of the computer by using the partition mark data, namely acquiring the decryption KEY2.
Preferably, step S4 includes:
and S41, acquiring the storage position information of the secondary record of the partition KEY area information containing the decryption KEY4 from the main record of the partition KEY area information containing the ciphertext information of the decryption KEY3 by using the mark data of the APFS encryption volume.
Preferably, step S4 further includes:
and S42, requesting the sub-record of the partition KEY area information containing the decryption KEY4 from the security chip by using the storage position information of the sub-records of the decryption KEY1 and the partition KEY area information containing the decryption KEY 4.
Preferably, the decryption KEY1 is a decryption KEY for decrypting the KEY area record data of the APFS partition.
Preferably, the decryption KEY3 is a decryption KEY for decrypting APFS encrypted volume data within the APFS partition.
Preferably, the security chip is a security chip for decrypting data to be recovered.
Preferably, step S21 further includes:
step S213, generating a new command request data packet P1;
step S214, filling the decryption KEY2 into the command request data packet P1;
s215, sending a command request data packet P1 to the security chip to request decryption KEY1, and returning the decryption KEY1 to the security chip;
step S216, storing the decryption KEY1 to the local for subsequent use.
Preferably, step S3 comprises:
s31, reading all possible super blocks of the APFS partition, and arbitrating the most correct super block according to the read information of all the super blocks;
s32, acquiring address information, which is recorded on the data storage device, of the partition KEY area information containing the ciphertext information of the decryption KEY3 from the super block;
s33, generating a new command request data packet P2;
step S34, packing the decryption KEY1 stored in the step S216 into a command request data packet P2;
step S35, packaging the address information into a command request data packet P2;
s36, packaging equipment information of data to be recovered into a command request data packet P2;
s37, sending a command request data packet P2 to the security chip to request a partition KEY area information main record containing the ciphertext information of the decryption KEY3;
s38, checking the main record of the partition KEY zone information of the plaintext data returned by the security chip, wherein the partition KEY zone information contains the ciphertext information of the decryption KEY3;
and S39, successfully acquiring the partition KEY area information main record containing the ciphertext information of the decryption KEY3, and storing the partition KEY area information main record containing the ciphertext information of the decryption KEY3 to the local for later use.
Preferably, step S42 includes:
step S421, generating a new command request data packet P5;
step S422, packing the decryption KEY1 stored in the step S216 into a command request data packet P5;
step S423, packing the storage position information of the partition KEY area information secondary record containing the decryption KEY4 acquired in the step S41 into a command request data packet P5;
step S424, packaging the equipment information of the data to be recovered into a command request data packet P5;
step S425, sending a command request data packet P5 to the security chip to request the sub-record of the information of the partition KEY area containing the decryption KEY4;
step S426, checking the sub-record of the partition KEY zone information containing the decryption KEY4 of the plaintext data returned by the security chip;
and S427, acquiring the partition KEY area information containing the decryption KEY4, recording successfully, and storing the partition KEY area information containing the decryption KEY4 to be recorded locally for later use.
Preferably, step S8 includes:
s81, acquiring the position information of the data block to be decrypted on the data storage device;
step S82, creating a data decryption command request packet P4;
step S83, adding the decryption KEY3 obtained in the step S7 into a data decryption command request packet P4;
step S84, adding the data length L of the data block to be decrypted into a data decryption command request packet P4;
s85, adding the position information of the data block to be decrypted on the data storage device into a data decryption command request packet P4;
s86, sending a data decryption command request packet P4 to the security chip to request decryption of the data block to be decrypted;
and S87, obtaining the data block of the data plaintext of the data block to be decrypted.
Compared with the prior art, the invention has the following beneficial effects: the method can recover the ciphertext data encrypted by the security chip, and mainly comprises the steps of obtaining KEY data such as a password and mark data of an APFS encryption volume of a data block to be decrypted, partition mark data, decryption KEY1, decryption KEY2, decryption KEY3, decryption KEY4, decryption KEY5 and decryption KEY3, partition KEY area information secondary record containing the decryption KEY4, partition KEY area information primary record containing the decryption KEY3 and the like, and using the KEY data to perform related access and interaction with the security chip, so that the data block of a data plaintext is obtained by decrypting the data stored in an APFS area where the data block to be recovered is located, analyzing and processing the data block through a data recovery module, and performing recovery and recovery on the APFS partition data, wherein the APFS partition data is recovered successfully, namely the data stored in a data storage device is recovered successfully, and the purpose of recovering the data to be recovered is achieved.
Drawings
FIG. 1 is a schematic diagram illustrating the steps of a method for recovering data from a data storage device encrypted by hardware according to the present invention.
FIG. 2 is a schematic diagram illustrating the steps of obtaining decryption KEY1 in a method for recovering data from a hardware-encrypted data storage device according to the present invention.
FIG. 3 is a diagram illustrating the steps of obtaining a partition KEY zone information master record containing ciphertext information of a decrypt KEY3 according to a method of recovering data from a data storage device encrypted by hardware.
FIG. 4 is a schematic diagram of the steps of obtaining a secondary record of partition KEY zone information containing decryption KEY4 according to one method of recovering data from a hardware-encrypted data storage device.
FIG. 5 is a diagram illustrating steps for retrieving a block of data in the clear of data according to one method of recovering data from a data storage device that is hardware encrypted according to the present invention.
Detailed Description
The technical solutions of the present invention are further described in detail below with reference to the accompanying drawings, but the scope of the present invention is not limited to the following descriptions.
In order to make the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be described clearly and completely with reference to the accompanying drawings of the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be obtained by a person skilled in the art without inventive efforts based on the embodiments of the present invention, are within the scope of protection of the present invention. Thus, the following detailed description of the embodiments of the present invention, presented in the figures, is not intended to limit the scope of the invention, as claimed, but is merely representative of selected embodiments of the invention. All other embodiments, which can be obtained by a person skilled in the art without any inventive step based on the embodiments of the present invention, are within the scope of the present invention.
The present invention will be further described with reference to the following examples, which are intended to illustrate only some, but not all, of the embodiments of the present invention. Other embodiments used by those skilled in the art can be obtained without any creative effort based on the embodiments in the present invention, and all of them belong to the protection scope of the present invention.
Referring to fig. 1 to 5, an embodiment of the present invention is shown, which is for illustration purposes only and is not limited to this structure.
Example one
As shown in fig. 1, a method for recovering data from a data storage device encrypted by hardware comprises the following steps:
s1, acquiring a password and mark data of an APFS encryption volume of data to be recovered from data storage equipment encrypted by hardware, wherein the password of the APFS encryption volume is decryption KEY5;
s2, requesting a KEY service to the security chip to acquire a decryption KEY1;
s3, using the decryption KEY1 to request a partition KEY area information main record containing the ciphertext information of the decryption KEY3 of the APFS partition from the security chip;
s4, requesting the APFS partition for the partition KEY area information secondary record containing the decryption KEY4 from the security chip by using the decryption KEY1;
s5, acquiring the ciphertext information of the decryption KEY3 from the partition KEY area information main record containing the ciphertext information of the decryption KEY3 by using the tag data of the APFS encryption volume;
s6, acquiring decryption KEY4 from the partition KEY area information secondary record containing the decryption KEY4 by using the mark data of the APFS encryption volume;
s7, acquiring a decryption KEY3 from the security chip by using the ciphertext information of the decryption KEY4, the decryption KEY5 and the decryption KEY3;
s8, requesting the data stored in the data storage device to be decrypted by using the decryption KEY3, and obtaining a data block after decryption;
and S9, analyzing the structure of the recombined data block by using a data recovery module, and restoring the APFS partition data, wherein the APFS partition data is successfully recovered, namely the data stored on the data storage equipment is successfully recovered.
The data recovery module is a module using a conventional data recovery algorithm, belongs to the existing mature technology, and is not described here. The decryption KEY4 is a KEY for decrypting the KEY3 together with the decryption KEY5, and the decryption KEY5 is a password input by a user or KEY data generated by a system.
Preferably, step S1 includes:
and S11, obtaining the partition marking data of the APFS partition where the APFS encrypted volume of the data to be recovered is located from the data storage equipment encrypted by the hardware.
Preferably, step S2 comprises:
and S21, acquiring a decryption KEY2 by using the partition mark data, and acquiring a decryption KEY1 from the security chip by using the decryption KEY2.
As shown in fig. 2, step S21 includes:
and S211, acquiring the partition mark data acquired in the S11.
Step S212, acquiring the mark data of the decryption KEY1 of the KEY area of the APFS partition from the built-in secure storage chip of the computer by using the partition mark data, namely acquiring the decryption KEY2.
In this embodiment, step S4 includes:
and S41, acquiring the storage position information of the secondary record of the partition KEY area information containing the decryption KEY4 from the main record of the partition KEY area information containing the ciphertext information of the decryption KEY3 by using the mark data of the APFS encryption volume.
And S42, requesting the sub-record of the partition KEY area information containing the decryption KEY4 from the security chip by using the storage position information of the sub-records of the decryption KEY1 and the partition KEY area information containing the decryption KEY 4.
Preferably, the decryption KEY1 is a decryption KEY for decrypting the KEY area record data of the APFS partition.
More preferably, decryption KEY3 is a decryption KEY to decrypt APFS encrypted volume data within an APFS partition.
The security chip is used for decrypting data of the data to be recovered. In this embodiment, the secure chip is an Apple T2 secure chip, and the Apple T2 secure chip is a secure device installed on an Apple computer device such as a MacBook, iMac, or the like, and used for data encryption and decryption. The hardware device which can encrypt the storage data and the storage data KEY on the computer through hardware is the category of the security chip as long as the requirement is met.
Example two
As shown in fig. 2, step S21 further includes:
step S213, generating a new command request data packet P1;
step S214, filling the decryption KEY2 into the command request data packet P1;
s215, sending a command request data packet P1 to the security chip to request a decryption KEY1, and returning the decryption KEY1 by the security chip;
step S216, storing the decryption KEY1 to the local for subsequent use.
In steps S213 to S215, the decryption KEY1 may be requested from the security chip by directly calling the system API function using the decryption KEY2.
EXAMPLE III
As shown in fig. 3, step S3 includes:
s31, reading all possible super blocks of the APFS partition, and arbitrating the most correct super block according to the read information of all the super blocks;
s32, acquiring address information, which is recorded on the data storage device, of the partition KEY area information containing the ciphertext information of the decryption KEY3 from the super block;
s33, generating a new command request data packet P2;
step S34, packing the decryption KEY1 stored in the step S216 into a command request data packet P2;
step S35, packaging the address information into a command request data packet P2;
s36, packaging equipment information of data to be recovered into a command request data packet P2;
s37, sending a command request data packet P2 to the security chip to request a partition KEY area information main record containing the ciphertext information of the decryption KEY3;
s38, checking the main record of the partition KEY zone information of the plaintext data returned by the security chip, wherein the partition KEY zone information contains the ciphertext information of the decryption KEY3;
and S39, successfully acquiring the partition KEY area information main record containing the ciphertext information of the decryption KEY3, and storing the partition KEY area information main record containing the ciphertext information of the decryption KEY3 to the local for later use.
In steps S33 to S37, the system API function may be directly called to request the partition KEY area information master record containing the ciphertext information of the decryption KEY3 from the security chip by using the decryption KEY1, the address information, and the partition flag data.
Example four
As shown in fig. 4, step S42 includes:
step S421, generating a new command request data packet P5;
step S422, packing the decryption KEY1 stored in the step S216 into a command request data packet P5;
step S423, packing the storage position information of the partition KEY area information secondary record containing the decryption KEY4 acquired in the step S41 into a command request data packet P5;
step S424, packaging the equipment information of the data to be recovered into a command request data packet P5;
step S425, sending a command request data packet P5 to the security chip to request the sub-record of the information of the partition KEY area containing the decryption KEY4;
step S426, checking the sub-record of the partition KEY zone information containing the decryption KEY4 of the plaintext data returned by the security chip;
and S427, acquiring the partition KEY area information containing the decryption KEY4, recording successfully, and storing the partition KEY area information containing the decryption KEY4 to be recorded locally for later use.
In steps S421 to S425, the decryption KEY1, the storage location information of the sub-record of the partition KEY area information containing the decryption KEY4, and the partition mark data may be directly used to request the sub-record of the partition KEY area information containing the decryption KEY4 from the security chip by calling the system API function.
EXAMPLE five
As shown in fig. 5, step S8 includes:
s81, acquiring the position information of the data block to be decrypted on the data storage device;
step S82, creating a data decryption command request packet P4;
step S83, adding the decryption KEY3 obtained in the step S7 into a data decryption command request packet P4;
step S84, adding the data length L of the data block to be decrypted into a data decryption command request packet P4;
s85, adding the position information of the data block to be decrypted on the data storage device into a data decryption command request packet P4;
s86, sending a data decryption command request packet P4 to the security chip to request decryption of the data block to be decrypted;
and S87, obtaining the data block of the data plaintext of the data block to be decrypted.
In steps S82 to S86, the decryption KEY3, the data length L of the data block to be decrypted, and the location information of the data block to be decrypted on the data storage device may be directly used to request the security chip to decrypt the data block to be decrypted by calling the system API function.
The above-described embodiments are intended to be illustrative, not limiting, of the invention, and therefore, variations of the example values or substitutions of equivalent elements are intended to be within the scope of the invention.
From the above detailed description, it will be apparent to those skilled in the art that the foregoing objects and advantages of the present invention are achieved and are in accordance with the requirements of the patent laws.
Claims (10)
1. A method of recovering data from a data storage device that is hardware encrypted, comprising the steps of:
s1, acquiring a password and mark data of an APFS encryption volume of data to be recovered from data storage equipment encrypted by hardware, wherein the password of the APFS encryption volume is decryption KEY5;
s2, requesting KEY service to the security chip to acquire a decryption KEY1;
s3, using the decryption KEY1 to request a partition KEY area information main record containing ciphertext information of the decryption KEY3 of the APFS partition from the security chip;
s4, requesting the APFS partition for the partition KEY area information secondary record containing the decryption KEY4 from the security chip by using the decryption KEY1;
s5, acquiring the ciphertext information of the decryption KEY3 from the partition KEY area information main record containing the ciphertext information of the decryption KEY3 by using the tag data of the APFS encryption volume;
s6, acquiring decryption KEY4 from the partition KEY area information secondary record containing the decryption KEY4 by using the mark data of the APFS encryption volume;
s7, acquiring a decryption KEY3 from the security chip by using the ciphertext information of the decryption KEY4, the decryption KEY5 and the decryption KEY3;
s8, requesting the data stored in the data storage device to be decrypted by using the decryption KEY3, and obtaining a data block after decryption;
and S9, analyzing the structure of the recombined data block by using a data recovery module, and restoring the APFS partition data, wherein the APFS partition data is successfully recovered, namely the data stored on the data storage device is successfully recovered.
2. The method of claim 1, wherein step S1 comprises:
and S11, acquiring the partition marking data of the APFS partition where the APFS encrypted volume of the data to be restored is located from the data storage equipment encrypted by the hardware.
3. The method of claim 2, wherein step S2 comprises:
and S21, acquiring a decryption KEY2 by using the partition mark data, and acquiring a decryption KEY1 from the security chip by using the decryption KEY2.
4. A method for recovering data from a hardware encrypted data storage device according to claim 3, wherein step S21 comprises:
step S211, the partition mark data acquired in the step S11 is acquired.
5. The method of claim 4, wherein step S21 further comprises:
step S212, the partition marking data is used for obtaining the marking data of the decryption KEY1 of the KEY area of the APFS partition from the built-in safe storage chip of the computer, namely obtaining the decryption KEY2.
6. The method for recovering data from a hardware encrypted data storage device of claim 1, wherein step S4 comprises:
and S41, acquiring the storage position information of the secondary record of the partition KEY area information containing the decryption KEY4 from the main record of the partition KEY area information containing the ciphertext information of the decryption KEY3 by using the mark data of the APFS encryption volume.
7. The method for recovering data from a hardware encrypted data storage device of claim 6, wherein step S4 further comprises:
and S42, requesting the sub-record of the partition KEY area information containing the decryption KEY4 from the security chip by using the storage position information of the sub-record of the partition KEY area information containing the decryption KEY1 and the decryption KEY 4.
8. The method for recovering data from a hardware encrypted data storage device of claim 1, wherein the decryption KEY1 is a decryption KEY for decrypting the KEY area record data of the APFS partition.
9. The method of claim 1, wherein the decryption KEY3 is a decryption KEY to decrypt APFS encrypted volume data within an APFS partition.
10. The method of claim 1, wherein the security chip is a security chip that decrypts data to be recovered.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010392915.7A CN111597075B (en) | 2020-05-11 | 2020-05-11 | Method for recovering data from data storage device encrypted by hardware |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010392915.7A CN111597075B (en) | 2020-05-11 | 2020-05-11 | Method for recovering data from data storage device encrypted by hardware |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111597075A CN111597075A (en) | 2020-08-28 |
CN111597075B true CN111597075B (en) | 2023-04-07 |
Family
ID=72187019
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010392915.7A Active CN111597075B (en) | 2020-05-11 | 2020-05-11 | Method for recovering data from data storage device encrypted by hardware |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111597075B (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112257122A (en) * | 2020-10-22 | 2021-01-22 | 深圳软牛科技有限公司 | Data processing method, device and equipment based on T2 chip and storage medium |
CN114697744B (en) * | 2020-12-28 | 2023-12-19 | 海能达通信股份有限公司 | Video data processing method and related device |
CN113282939B (en) * | 2021-06-07 | 2022-05-24 | 中国电子科技集团公司第二十九研究所 | Data unloading encryption and decryption method and system based on PowerPC and detachable storage equipment |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107332660A (en) * | 2017-06-28 | 2017-11-07 | 深圳市对接平台科技发展有限公司 | A kind of Novel movable data encryption security system |
CN108351925A (en) * | 2015-11-13 | 2018-07-31 | 微软技术许可有限责任公司 | Unlock and recovery to encryption device |
CN109582500A (en) * | 2018-11-26 | 2019-04-05 | 万兴科技股份有限公司 | Data reconstruction method, device, computer equipment and storage medium |
CN110232004A (en) * | 2019-06-13 | 2019-09-13 | 深圳麦风科技有限公司 | A kind of APFS file system data restoration methods |
CN110309019A (en) * | 2019-07-02 | 2019-10-08 | 四川效率源信息安全技术股份有限公司 | A kind of fast quick-recovery simultaneously extracts the method that file is deleted in APFS |
WO2019216975A1 (en) * | 2018-05-07 | 2019-11-14 | Strong Force Iot Portfolio 2016, Llc | Methods and systems for data collection, learning, and streaming of machine signals for analytics and maintenance using the industrial internet of things |
CN111737057A (en) * | 2020-06-24 | 2020-10-02 | 深圳软牛科技有限公司 | APFS file system data recovery method and device and electronic equipment |
-
2020
- 2020-05-11 CN CN202010392915.7A patent/CN111597075B/en active Active
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108351925A (en) * | 2015-11-13 | 2018-07-31 | 微软技术许可有限责任公司 | Unlock and recovery to encryption device |
CN107332660A (en) * | 2017-06-28 | 2017-11-07 | 深圳市对接平台科技发展有限公司 | A kind of Novel movable data encryption security system |
WO2019216975A1 (en) * | 2018-05-07 | 2019-11-14 | Strong Force Iot Portfolio 2016, Llc | Methods and systems for data collection, learning, and streaming of machine signals for analytics and maintenance using the industrial internet of things |
CN109582500A (en) * | 2018-11-26 | 2019-04-05 | 万兴科技股份有限公司 | Data reconstruction method, device, computer equipment and storage medium |
CN110232004A (en) * | 2019-06-13 | 2019-09-13 | 深圳麦风科技有限公司 | A kind of APFS file system data restoration methods |
CN110309019A (en) * | 2019-07-02 | 2019-10-08 | 四川效率源信息安全技术股份有限公司 | A kind of fast quick-recovery simultaneously extracts the method that file is deleted in APFS |
CN111737057A (en) * | 2020-06-24 | 2020-10-02 | 深圳软牛科技有限公司 | APFS file system data recovery method and device and electronic equipment |
Non-Patent Citations (3)
Title |
---|
Jonas Plum 等.Forensic APFS File Recovery.《ARES 2018: Proceedings of the 13th International Conference on Availability, Reliability and Security》.2018,第1-10页. * |
Kurt H. Hansen 等.Decoding the APFS file system.《Digital Investigation》.2017,第22卷第107-132页. * |
谭祥国 ; .MacOS High Sierra系统维护优化方案实践研究.重庆工贸职业技术学院学报.2019,(第04期),第31-41页. * |
Also Published As
Publication number | Publication date |
---|---|
CN111597075A (en) | 2020-08-28 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111597075B (en) | Method for recovering data from data storage device encrypted by hardware | |
JP4801059B2 (en) | Method, system and security means for data archiving with automatic encryption and decryption by key fragmentation | |
CN103065102B (en) | Data encryption mobile storage management method based on virtual disk | |
US9548866B2 (en) | Deletion of content in digital storage systems | |
KR100749428B1 (en) | Distributed data archive device, system and recording medium | |
US20080104417A1 (en) | System and method for file encryption and decryption | |
US8255705B2 (en) | Encryption moniker in medium auxiliary memory | |
JP4464340B2 (en) | Distributed data archiving system | |
US20070300078A1 (en) | Recording Medium, and Device and Method for Recording Information on Recording Medium | |
US10970403B1 (en) | Forensic investigation tool | |
CN104995621A (en) | Server device, private search program, recording medium, and private search system | |
KR101983120B1 (en) | Method for replication of database | |
CN109495459B (en) | Media data encryption method, system, device and storage medium | |
CN106682521B (en) | File transparent encryption and decryption system and method based on driver layer | |
CN111324901A (en) | Method for creating and decrypting enterprise security encrypted file | |
CN111399770B (en) | Data storage mode conversion method, device and storage medium | |
CN100364002C (en) | Apparatus and method for reading or writing user data | |
CN103858127B (en) | Method, system and mediation server for deleting information in order to maintain security level | |
JP2002539545A (en) | Anonymization method | |
JPS61264371A (en) | Data protection system | |
KR100879212B1 (en) | Method of making duplication file backup | |
CN112231779B (en) | Cross-platform data security protection method compatible with BitLocker encrypted disk | |
CN109240804B (en) | Method and device for managing disk resources of virtual machine | |
CA2563144C (en) | System and method for file encryption and decryption | |
JPH10340232A (en) | File copy preventing device, and file reader |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |